FS#62219 - [libvirt] usr/lib/firewalld/zones/libvirt.xml seems to be invalid
Attached to Project: Community Packages
Opened by Leon Möller (jkhsjdhjs) - Tuesday, 02 April 2019, 21:59 GMT
Last edited by freswa (frederik) - Wednesday, 06 May 2020, 17:10 GMT
Details
Description:
The file usr/lib/firewalld/zones/libvirt.xml added with package version 5.1.0-1 seems to be invalid. firewalld errors when attempting to parse it:

firewalld[554]: ERROR: Failed to load zone file '/usr/lib/firewalld/zones/libvirt.xml': PARSE_ERROR: rule: Unexpected attribute priority.

Downgrading fixes the issue as libvirt 5.0.0-1 doesn't contain the file.

Steps to reproduce:
* Install the latest version of libvirt and firewalld.
* Start firewalld: systemctl start firewalld
* Check the firewalld logs: systemctl status firewalld
Closed by freswa (frederik)
Wednesday, 06 May 2020, 17:10 GMT
Reason for closing: Fixed
Additional comments about closing: libvirt 5.3.0-1
https://github.com/libvirt/libvirt/commit/3b71f2e42dc6c5453d09136578bfb868874da088
https://github.com/libvirt/libvirt/commit/ae05211a360077f56883cd0a6c0f82ed57f746cb
Edit:
See also https://wiki.archlinux.org/index.php?title=Libvirt&type=revision&diff=557409&oldid=528864 although the note attributes it to a change in libvirt not firewalld gaining nftables support.
More confirmation as per @loqs first link that Arch should build libvirt with:
--without-firewalld-zone
(at least until there is a new firewalld release).
When I try to start firewalld, the following error keeps showing:
ERROR: Failed to load zone file '/usr/lib/firewalld/zones/libvirt.xml': PARSE_ERROR: rule: Unexpected attribute priority
To temporarily solve it, I opened /usr/lib/firewalld/zones/libvirt.xml and commented out the lines "<rule priority='32767'><reject/></rule>". Now the firewalld service starts and the libvirtd zone is created.
To comment out the lines the following sed command can be used: "/<rule priority='32767'>/,/<\/rule>/ s/^/#/"
The first part selects the lines and the second part inserts a # at the beginning of each line.
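
An added example, not part of the original thread and not libvirt or firewalld code: a Python check that parses a zone file and reports each `<rule>` carrying the `priority` attribute named in the PARSE_ERROR above, together with the action that rule performs. The sample zone XML is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the rule quoted in the thread; not the packaged file.
SAMPLE_ZONE = """<zone target="ACCEPT">
  <short>libvirt</short>
  <rule priority='32767'>
    <reject/>
  </rule>
  <rule family="ipv4">
    <source address="192.0.2.0/24"/>
    <accept/>
  </rule>
  <service name="ssh"/>
</zone>
"""

ACTIONS = ("accept", "reject", "drop")


def _priority_rules(root):
    """Direct <rule> children of the zone that carry a priority attribute."""
    return [r for r in root.findall("rule") if "priority" in r.attrib]


def find_priority_rules(zone_xml):
    """Return [(priority, action)] for each rule with the attribute from the PARSE_ERROR."""
    root = ET.fromstring(zone_xml)
    report = []
    for rule in _priority_rules(root):
        action = next((c.tag for c in rule if c.tag in ACTIONS), None)
        report.append((rule.get("priority"), action))
    return report


def strip_priority_rules(zone_xml):
    """Return (zone XML without those rules, report of what was removed)."""
    root = ET.fromstring(zone_xml)
    report = find_priority_rules(zone_xml)
    for rule in _priority_rules(root):
        root.remove(rule)
    return ET.tostring(root, encoding="unicode"), report


if __name__ == "__main__":
    cleaned, removed = strip_priority_rules(SAMPLE_ZONE)
    for prio, action in removed:
        # A removed reject/drop rule means the zone target decides that traffic.
        print(f"removed rule: priority={prio} action={action}")
    print(cleaned)
```
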
Line 170 of the PKGBUILD can be removed btw, it was supposed to fix this issue and isn't necessary anymore.
* Drop the rule adjustment that is no longer needed.
* Add firewalld as a makedepend in case autodetection starts expecting it to be present in order to enable the config options --with_firewalld and --with_firewalld_zone.
* Add firewalld as an optdepend to indicate it provides firewall support.
This would also close FS#64803 and FS#62219

Hey @loqs, this bit is unnecessary IMHO. "in case" is not a good reason.
The firewalld part of the configure script is only processing the `--with*' args, not looking for anything external (apart from dbus).
configure: firewalld: yes (CFLAGS='' LIBS='')
configure: firewalld-zone: yes
(that's with no firewalld installed)
The libvirt PKGBUILD is already a bit crufty so let's not make it worse.